• Performs threat modeling to identify all possible attack vectors
• Conduct vulnerability assessment and penetration testing against a wide array
of technologies and platforms including (Network, Infrastructure, WEB
Applications, and Mobile apps including IOS and Android and API)
• Select the appropriate technical tests, network or vulnerability scan tools
and/or pen testing tools based on review of requirements and purpose
• Conduct relevant research, data analysis, and create reports
• Contribute to predictive analysis of malicious activity
• Understand, review, and interpret vulnerability assessment and scanning
results, reduce false positive findings, and act as security advisor to business
• Track public and privately released vulnerabilities and assists in the triage
• Perform black box and gray box testing, source code analysis, manual pen
testing, and vulnerability assessments
• Perform hands on technical validation of vulnerability to determine risk to
different configurations and priorities for remediation
• Communicate current cybersecurity threats and educate stakeholders on risks
• Simulate cyberattacks to identify vulnerabilities
• Participate in team problem solving efforts and offer ideas to solve the issues
• Performs static source code vulnerability analysis
• Work with external pen testers to continually improve security on the platform
• Responsible for writing and reviewing formal penetration test reports
documenting the details of a penetration test and all vulnerabilities, potential
issues, and strengths found during the test
• 3+ years of operational experience in Information Technology & Information
• Good written and verbal communication skills in English
• University Degree in Computer Science, Computer Engineering or other
• Certifications such as CEH, Security+, ISO 27K, SANS would be considered as
• Good interpersonal communication and presentation skills.
• Ability to be a team player.
• Ability to work effectively in multiple cultures and at a range of levels.
• Ability to constantly build up skillset using a mix of self-motivated and course
based learning environment.
• Ability to work independently, proactively to see the big picture and work
through solutions as needed.
• Good knowledge of Windows, Linux, data bases (MySQL, no-SQL),
antimalware,IDS and other security technologies.
• Basic understanding of virtualization and software-defined data center
• Knowledge of OSI reference model and networking fundamentals
(switching,routing, load-balancing, firewalling).
• Understanding of commonly used Internet protocols such as SMTP, HTTP, and
• Basic understanding of cryptographic functionality within such protocols
would be of advantage.
• Familiar with Security Regulations and Standards.
• Experience with API testing and Mobile Application testing
• Hands-on experience with two or more scripting languages such as
Python,Powershell, Bash, or Ruby
• Familiarity with penetration testing tools and tool suites such as Burp Suite,
OWASP ZAP, Kali Linux, etc
• Proficiency or experience in any one of the following tools would be anadded
advantage including Zed Attack Proxy, Micro Focus, Kiuwan, QARK,Android
Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
• Ability to demonstrate clear understanding of following vulnerabilities
including SQL Injections, Cross Site Scripting (XSS), Broken Authentication &
Session Management, Insecure Direct Object References, Security
Misconfiguration, Cross-Site Request Forgery (CSRF), Participate in code
• An aptitude for technical writing, including assessment reports and
• Strong understanding of penetration testing frameworks
• Advanced knowledge of mobile application testing techniques, software
protocols and the ability to bypass common mobile application security
• Understanding of offensive security, including offensive evasion techniques
• General knowledge of web applications, databases, mobile, and cloud
• Strong knowledge of Open Web Application Security Project (OWASP) (WEB
• Ability to think outside the box and emulate adversarial approaches
Can't find jobs you're looking for?
Log In/Register for more opportunities!
Powered by a young and motivated team aiming to take Iran’s IT industry to the next level, Snapp has firmly established itself as the fastest growing start-up in Iran. We continue to look for young talent that wants to create a better tomorrow and positively impact people’s lifestyles.
We are honoured and proudly announce that Snapp is the first and largest ride-hailing service in Iran with over 14 million passengers and 300 thousand drivers within its fleet.
We continue to expand the team in order to reach our ambitious objectives! Hence, if you would like to be part of the best transportation solution in Iran, simply send your Resume.
500 employees or more
IT, Software & Internet Services
Register for free Use
and speed up job searching